Different types of malware you will come across eventually

Blog / Different types of malware you will come across eventually

Different types of malware you will come across eventually

Briefly summarised, what is malware? 

Malware can be defined as an intrusive software designed to disrupt the operating system of the device they are installed upon. Software that unintentionally affects the functionality of devices are referred to as software bugs.

Malware may be installed upon user’s devices through successful phishing attempts, malicious attachments, successful social engineering attempts or corrupted flash drives.

Types of malwares

It is important to be aware of the different types of malware as some are well recognised while others are not. 


Adware displays a barrage of unwanted and in some cases, malicious advertising on the affected device. Another feature of adware is the redirection of search results to advertising websites with the aim of gathering the user’s data to sell to advertisers and cyber criminals. The frequency of adware can be affected by the number of downloads made for specific programs. Users can also affect the frequency of the adware they receive and the advertisements shown to them when they manage preferences or by using an ad blocker. 

An example of an adware is Fireball which was discovered in 2017 which affected around 250 million computers internationally in addition to one fifth of cooperate networks worldwide. Fireball affected the devices by changing the user’s homepage to a fake engine and injecting intrusive adverts into the sites visited. The adware also prevented users from changing their browser settings. 


Spyware hides on affected devices whilst monitoring and stealing personal data such as financial details, login credentials and more. Spyware can be levied upon a device through underlying vulnerabilities being exploited. In addition to this, spyware can be embedded in legitimate software or in trojans. 

An example of a spyware is CoolWebSearch, a program which exploited hidden vulnerabilities in Internet Explorer to take control of the browser, change the setting and relay the gathered data to the owner of the spyware. 

Ransomware and crypto-malware 

Ransomware is a malware which locks the user out of their system and denies access to their files until a ransom is paid. Crypto-malware is a form of ransomware which encrypts user files until a payment is made by a certain day, in the form of crypto currency such as Bitcoin. The rate of ransomware being conducted on businesses has largely increased as more and more businesses shift online. 

An example of a ransomware is the 2013 and 2014 CryptoLocker which displayed a ransom message upon affected devices. The message displayed that once the ransom is paid by the deadline, the data would be decrypted. It is believed that CryptoLocker extorted around 3 million dollars using the malware.


A trojan is a malware which disguises itself as a legitimate software to gain access to your device. They serve as a backdoor for cyber criminals and unlike worms, they require a host to function. Once a trojan is successfully installed onto a device, hackers can delete files, make changes to files, steal user data, join the device to a wider scale botnet operation, spy on the user or access the user’s network. 

An example of a trojan is TrickBot, a malware that was originally designed as a banking trojan and later evolved into a multi-stage malware which enables its operators to commit additional numerous criminal activities. 


Worms spread across computer networks by exploiting underlying vulnerabilities. A worm is a program on its own which replicates itself to infect other devices without the need for additional interaction. 

An example of a worm is the 2003 SQL Slammer which generated random IP addresses and then sent itself out to look for unprotected devices. Over 75,000 computers were affected and between 2016-2017, there was a resurgence of the worm.


A keylogger is a malware which spies on user activity and although some uses for the software can be legitimate for example, tracking employee activity, criminals can enforce the keylogger software for malicious purposes. These malicious purposes extent spying upon and stealing financial details, account information and other personal information. Keyloggers can levied upon devices through phishing methods, social engineering attempts or drive-by downloads. 

An example of a keylogger situation is the 2017 event where a student from the University of Iowa installed keyloggers onto staff computers to extract login details with the aim to later modify grades. 


A bot, also called a zombie computer, is a computer that has been affected by malware that enables hackers to control the device. Once infected, the device then can be joined to a collection of other infected devices referred to as botnets which can then be used to carry out more cyberattacks on other devices. Botnets can be composed of millions of infected devices as they are often untraceable. Botnets are typically used for DDoS attacks and for phishing campaigns as well as introducing additional malwares on more devices. 

An example of a botnet situation is the 2016 Mirai which saw a large-scale DDoS attack being conducted on the large potion of the east coast of USA. The attack was feared as the work of another state and to this day, Mirai is a concern. 

Fileless malware 

Fileless malware infects devices through legitimate software without leaving any trace. The malware is not stored or installed directly onto a device and instead, transfers to the memory. The hard drive of the device typically is not affected by this malware. Fileless malware is becoming increasingly adopted as an attack method due to its detection difficulty.

Examples of fileless malware include Frodo, Number of the Beast and The Dark Avenger.

Logic bombs 

Logic bombs are a type of malware that is designed to activate at a certain time or on a certain attempt for example, after a specific number of log-ons. The damage that follows logic bombs vary from a change in data size to causing hard drives to become unusable. 

An example of a logic bomb is the 2016 situation where a programmer caused an issue at a branch of Siemens every few years with the hope to be repeatedly hired to fix the job.

About Securiwiser

We aim to provide our clients advice concerning implementation of various specific cyber security methods, some of which will be more suitable than others depending on the business type to help ensure the cyber health of our client’s system. 

We advise our clients (whether they are individual users or business owners) regarding various cyber threats that their businesses and operating systems may face. This includes increasing trends of certain threats and prevention methods that are cost effective and time saving.  

Furthermore, business owners, employees and general users may forget to conduct regular scans to monitor the health of their operating system, which criminals can take advantage of to gain unauthorised access by exploiting unrecognised, underlying vulnerabilities. 

Securiwiser can conduct regular scans for your system and provide a detailed cybersecurity risk assessment and a cybersecurity vulnerability assessment. We can further explain detected vulnerabilities and risks in detail to our clients and provide the best course of action that will save your business time and money.

How secure is

your business?

Security test

How secure is

your business?

Security test